Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230)

7Critical158Important2Moderate0LowMicrosoft addresses 167 CVEs in its largest Patch Tuesday to date, including three zero-day vulnerabilities, two of which were exploited in the wild.Microsoft patched 167 CVEs in its October 2025 Patch Tuesday release, its largest Patch Tuesday release to date, with seven rated critical, 158 rated important, and two rated moderate. Our counts omitted 27 vulnerabilities, including 14 Chromium CVEs, three MITRE CVEs, one GitHub CVE, one CERT/CC CVE, and eight cloud CVEs that Microsoft published advisories for on October 9.This month’s update includes patches for:.NET.NET,.NET Framework, Visual StudioActive Directory Federation ServicesAgere Windows Modem DriverASP.NET CoreAzure Connected Machine AgentAzure Entra IDAzure LocalAzure MonitorAzure Monitor AgentAzure PlayFabConfidential Azure Container InstancesConnected Devices Platform Service (Cdpsvc)CopilotData Sharing Service ClientInbox COM ObjectsInternet ExplorerJDBC Driver for SQL ServerMicrosoft Brokering File SystemMicrosoft Configuration ManagerMicrosoft Defender for LinuxMicrosoft Exchange ServerMicrosoft Failover Cluster Virtual DriverMicrosoft Graphics ComponentMicrosoft OfficeMicrosoft Office ExcelMicrosoft Office PowerPointMicrosoft Office SharePointMicrosoft Office VisioMicrosoft Office WordMicrosoft PowerShellMicrosoft WindowsMicrosoft Windows Search ComponentMicrosoft Windows SpeechNetwork Connection Status Indicator (NCSI)NtQueryInformation Token function (ntifs.h)Remote Desktop ClientSoftware Protection Platform (SPP)Storport.sys DriverVirtual Secure ModeVisual StudioWindows Ancillary Function Driver for WinSockWindows Authentication MethodsWindows BitLockerWindows Bluetooth ServiceWindows Cloud Files Mini Filter DriverWindows COMWindows Connected Devices Platform ServiceWindows Core ShellWindows Cryptographic ServicesWindows Device Association Broker serviceWindows Digital MediaWindows DirectXWindows DWMWindows DWM Core LibraryWindows Error ReportingWindows ETL ChannelWindows Failover ClusterWindows File ExplorerWindows Health and Optimized Experiences ServiceWindows HelloWindows High Availability ServicesWindows Hyper-VWindows KernelWindows Local Session Manager (LSM)Windows Management ServicesWindows MapUrlToZoneWindows NDISWindows NTFSWindows NTLMWindows PrintWorkflowUserSvcWindows Push Notification CoreWindows Remote Access Connection ManagerWindows Remote DesktopWindows Remote Desktop ProtocolWindows Remote Desktop ServicesWindows Remote Procedure CallWindows Resilient File System (ReFS)Windows Resilient File System (ReFS) Deduplication ServiceWindows Routing and Remote Access Service (RRAS)Windows Server Update ServiceWindows SMB ClientWindows SMB ServerWindows SSDP ServiceWindows StateRepository APIWindows Storage Management ProviderWindows Taskbar LiveWindows USB Video DriverWindows Virtualization-Based Security (VBS) EnclaveWindows WLAN Auto Config ServiceXboxXBox Gaming ServicesElevation of Privilege (EoP) vulnerabilities accounted for 47.9% of the vulnerabilities patched this month, followed by Remote Code Execution (RCE) vulnerabilities at 17.4%.ImportantCVE-2025-24052 and CVE-2025-24990 | Windows Agere Modem Driver Elevation of Privilege VulnerabilitiesCVE-2025-24052 and CVE-2025-24990 are EoP vulnerabilities in the third party Agere Modem driver. Both CVEs were assigned CVSSv3 scores of 7.8 and rated as important. Microsoft reports that CVE-2025-24990 has been exploited in the wild and CVE-2025-24052 was disclosed prior to a patch being made available. Successful exploitation would allow an attacker to gain administrator privileges on an affected system.The ltmdm64.sys driver has historically shipped natively with supported Windows operating systems, but will no longer be supported following the October update. Microsoft notes, that ltmdm64.sys-dependent hardware will no longer work on Windows, and recommends users remove existing dependencies.ImportantCVE-2025-59230 | Windows Remote Access Connection Manager Elevation of Privilege VulnerabilityCVE-2025-59230 is an EoP vulnerability affecting Windows Remote Access Connection Manager. According to Microsoft, this vulnerability has been exploited in the wild. It was assigned a CVSSv3 score of 7.8 and is rated as important. Exploitation of this vulnerability involves improper access control in Windows Remote Access Connection Manager and could allow a local attacker to gain SYSTEM privileges.Including CVE-2025-59230, there have been 22 reported and patched vulnerabilities for the Windows Remote Access Connection Manager service (RasMan) since January 2022. CVE-2025-59230 is the first reported RasMan CVE to be exploited as a zero-day.CriticalCVE-2025-59287 | Windows Server Update Service (WSUS) Remote Code Execution VulnerabilityCVE-2025-59287 is a RCE in the Windows Server Update Service (WSUS). It was assigned a CVSSv3 score of 9.8 and rated critical. It has been assessed as “Exploitation More Likely” according to Microsoft’s Exploitability Index. An attacker could exploit this vulnerability to gain RCE by sending a crafted event that leads to a deserialization of untrusted data.This is just the third WSUS vulnerability patched as part of Microsoft Patch Tuesday since 2023, when Microsoft patched two WSUS EoP vulnerabilities (CVE-2023-32056, CVE-2023-35317) in the July 2023 Patch Tuesday, but the first RCE and to be assessed as more likely to be exploited.CriticalCVE-2025-59227, CVE-2025-59234 | Microsoft Office Remote Code Execution VulnerabilityCVE-2025-59227 and CVE-2025-59234 are RCE vulnerabilities in Microsoft Office. Both vulnerabilities were assigned a CVSSv3 score of 7.8, rated critical and assessed as “Exploitation Less Likely.” An attacker could exploit these flaws through social engineering by sending the malicious Microsoft Office document file to an intended target. Successful exploitation would grant code execution privileges to the attacker.Despite being flagged as “Less Likely” to be exploited, Microsoft notes that the Preview Pane is an attack vector for both CVEs, which means exploitation does not require the target to open the file.ImportantCVE-2025-55680 | Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityCVE-2025-55680 is an EoP vulnerability in the Windows Cloud Files Mini Filter Driver. It was assigned a CVSSv3 score of 7.8, rated important and assessed as “Exploitation More Likely.” A local, authenticated attacker would need to win a race condition in order to exploit this vulnerability. Successful exploitation would allow the attacker to elevate to SYSTEM privileges.This is the 17th vulnerability in the Windows Cloud Files Mini Filter Driver since 2022. Microsoft patched two in 2022, six in 2023, six in 2024, and three in 2025. As part of its November 2023 Patch Tuesday release, Microsoft patched CVE-2023-36036, another EoP flaw, that was exploited in the wild as a zero-day.Windows 10 End of SupportAs of October 14, Windows 10 has reached its end of support. This means that no new security updates will be released for Windows 10 without being enrolled in the Extended Security Updates (ESU) program. To identify unsupported versions of Windows 10, customers can use plugin ID 192814.Additionally, Long-Term Servicing Branch (LTSB) support for Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise LTSB 2015 also ended as of October 14. Plugins to identify these versions are as follows:VersionPlugin IDWindows 10 IoT Enterprise LTSB 2015192775Windows 10 Enterprise 2015 LTSB213883Additional Microsoft Products End of SupportAs of October 14, several Microsoft Products have reached end of support or extended support. Since these products will no longer receive security updates, we recommend upgrading to supported versions as soon as possible.Exchange Server 2016Exchange Server 2019Outlook 2016Skype for Business Server 2015Skype for Business 2016Skype for Business Server 2019Windows 11 Enterprise and Education Version 22H2Windows 11 IoT Enterprise Version 22H2Tenable SolutionsA list of all the plugins released for Microsoft’s October 2025 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.Get more informationMicrosoft's October 2025 Security UpdatesTenable plugins for Microsoft October 2025 Patch Tuesday Security UpdatesJoin Tenable's Research Special Operations (RSO) Team on Tenable Connect and engage with us in the Threat Roundtable group for further discussions on the latest cyber threats.Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.